
Fixed issue [security] #16841: XSS vulnerability with registration
Dev: encryptSave NEED validation
Dev: reload value after save
Dev: only superadmin can add XSS now
Shnoulle committed Nov 23, 2020
1 parent 92e625e commit 83f7427
Showing 3 changed files with 5 additions and 9 deletions.
5 changes: 2 additions & 3 deletions application/controllers/RegisterController.php
Expand Up @@ -294,8 +294,7 @@ public function sendRegistrationEmail($iSurveyId, $iTokenId)
$aMessage['mail-thanks'] = gT("Thank you for registering to participate in this survey.");
if($mailerSent) {
$today = dateShift(date("Y-m-d H:i:s"), "Y-m-d H:i", Yii::app()->getConfig('timeadjust'));
$oToken->sent = $today;
$oToken->encryptSave();
Token::model($iSurveyId)->updateByPk($iTokenId, array('sent' => $today));
$aMessage['mail-message'] = $this->sMailMessage;
} else {
$aMessage['mail-message-error'] = gT("You are registered but an error happened when trying to send the email - please contact the survey administrator.");
Expand Down Expand Up @@ -354,7 +353,7 @@ public function getTokenId($iSurveyId)
$oToken->validuntil = $aSurveyInfo['expires'];
}
$oToken->generateToken();
$oToken->encryptSave();
$oToken->encryptSave(true);
$this->sMailMessage = gT("An email has been sent to the address you provided with access details for this survey. Please follow the link in that email to proceed.");
return $oToken->tid;
}
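Review bot: The return value of `$oToken->encryptSave(true)` in the second hunk (getTokenId, line `$oToken->encryptSave(true);`) is discarded, so when the validation that this commit turns on rejects the attributes, the token is not written but the code still sets the "An email has been sent" message and returns `$oToken->tid`, which is then presumably null. Guard it, e.g. `if (!$oToken->encryptSave(true)) { /* token was not stored: report $oToken->getErrors() instead of the success message */ }`, and do not fall through to the return on that path; getTokenId continues outside the hunk. In the first hunk the replacement `Token::model($iSurveyId)->updateByPk($iTokenId, array('sent' => $today));` drops the `$oToken->sent = $today;` assignment, so the in-memory `$oToken` no longer reflects the stored value; if anything later in sendRegistrationEmail reads `$oToken->sent` (the function body is outside the hunk) it should be refreshed, which I take to be what "reload value after save" in the description refers to. A one-line comment on the updateByPk line stating why the direct update is used, such as `// direct update: only the server-generated 'sent' timestamp changes, no user-supplied attribute is re-saved`, would stop a future reader from switching it back to a full save.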
4 changes: 2 additions & 2 deletions application/models/SurveyDynamic.php
Expand Up @@ -604,9 +604,9 @@ public function getLastNameForGrid()
public function getTokenForGrid()
{
if (is_object($this->tokens) && !is_null($this->tokens->tid)) {
$sToken = "<a class='btn btn-default btn-xs edit-token' href='#' data-sid='".self::$sid."' data-tid='".$this->tokens->tid."' data-url='".App()->createUrl("admin/tokens", array("sa"=>"edit", "iSurveyId"=>self::$sid, "iTokenId"=>$this->tokens->tid, 'ajax'=>'true'))."' data-toggle='tooltip' title='".gT("Edit this survey participant")."'>".strip_tags($this->token)."&nbsp;&nbsp;&nbsp;<span class='fa fa-pencil'></span></a>";
$sToken = "<a class='btn btn-default btn-xs edit-token' href='#' data-sid='".self::$sid."' data-tid='".$this->tokens->tid."' data-url='".App()->createUrl("admin/tokens", array("sa"=>"edit", "iSurveyId"=>self::$sid, "iTokenId"=>$this->tokens->tid, 'ajax'=>'true'))."' data-toggle='tooltip' title='".gT("Edit this survey participant")."'>".CHtml::encode($this->token)."&nbsp;&nbsp;&nbsp;<span class='fa fa-pencil'></span></a>";
} else {
$sToken = '<span class="badge badge-success">'.strip_tags($this->token).'</span>';
$sToken = '<span class="badge badge-success">'.CHtml::encode($this->token).'</span>';
}

return $sToken;
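Review bot: `CHtml::encode($this->token)` now protects the link text and the badge, but the rest of the `<a>` in getTokenForGrid is still hand-built with single-quoted attribute values from `self::$sid`, `$this->tokens->tid` and `gT("Edit this survey participant")` without encoding; the ids are presumably integers, but a translation containing an apostrophe would terminate the `title` attribute. Since this is the one place the grid renders raw HTML, I would build the element with `CHtml::link()` and an attribute array so that every attribute goes through Yii's attribute encoding and only the already-encoded text is passed as markup. getTokenForGrid's closing brace lies outside the hunk.
```php
if (is_object($this->tokens) && !is_null($this->tokens->tid)) {
    $sToken = CHtml::link(
        CHtml::encode($this->token) . "&nbsp;&nbsp;&nbsp;<span class='fa fa-pencil'></span>",
        '#',
        array(
            'class' => 'btn btn-default btn-xs edit-token',
            'data-sid' => self::$sid,
            'data-tid' => $this->tokens->tid,
            'data-url' => App()->createUrl("admin/tokens", array("sa"=>"edit", "iSurveyId"=>self::$sid, "iTokenId"=>$this->tokens->tid, 'ajax'=>'true')),
            'data-toggle' => 'tooltip',
            'title' => gT("Edit this survey participant"),
        )
    );
// … unchanged: else branch (encoded badge) and return …
```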
5 changes: 1 addition & 4 deletions application/views/admin/responses/listResponses_view.php
Expand Up @@ -128,10 +128,9 @@
if (!isset($filteredColumns) || in_array('token', $filteredColumns)) {
$aColumns[] = array(
'header' => 'token',
'name' => 'token',
'type' => 'raw',
'name' => 'token',
'value' => '$data->tokenForGrid',

);
}
$filterableColumns['token'] = 'token';
Expand All @@ -141,7 +140,6 @@
'header' => gT("First name"),
'name' => 'tokens.firstname',
'id' => 'firstname',
'type' => 'raw',
'value' => '$data->firstNameForGrid',
'filter' => TbHtml::textField(
'SurveyDynamic[firstname_filter]',
Expand All @@ -154,7 +152,6 @@
$aColumns[] = array(
'header' => gT("Last name"),
'name' => 'tokens.lastname',
'type' => 'raw',
'id' => 'lastname',
'value' => '$data->lastNameForGrid',
'filter' => TbHtml::textField(
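Review bot: Dropping `'type' => 'raw'` from the "First name" and "Last name" columns (second and third hunks) makes CGridView fall back to its default text type, which HTML-encodes `$data->firstNameForGrid` / `$data->lastNameForGrid`; that is the actual fix for those columns, but it silently assumes both getters return plain text, and neither getter is in this diff (only getLastNameForGrid's header is visible in SurveyDynamic.php), so if either still emits markup it will now show up as literal text in the grid. A short comment on each column would make the intent survive the next edit, e.g. `// no 'type' => 'raw': participant-supplied names must be encoded by the grid`. The token column in the first hunk still renders `$data->tokenForGrid` as raw HTML (the `'type' => 'raw'` line is present between the two `'name'` lines), so its safety now rests entirely on getTokenForGrid encoding everything it interpolates; a comment such as `// raw on purpose: tokenForGrid is responsible for encoding the token` would document that dependency. These view arrays start and end outside the hunks.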

